Before I really started my InfoSec career, I always thought this sort of thing was super drawn out and complicated. Now that I have experience, it’s sort of eye opening to see how easily it can be done.
@mehregankbi yeah this is why another way this is done is to change some pixel values to store data as a sort of pattern, can't be normally seen by humans if the image is high res enough
Actually real steganography is done in another way, but similar results. Change the least significant bit (LSB) of each RGB element in each pixel so that it's odd or even. The pattern of odds and evens (0 and 1) will give you a hidden message when you extract. This way you're basically altering the real image in a way it's not distorted instead of adding to the image.
This is great! This was my first time trying steganography and using Python and this was super interesting! You did a great job of walking through what each step's purpose was!
you can hide a zip archive in jpg images using the copy command in cmd. opening it in 7zip will open the archive, but otherwise it will open as a normal image
Works because a ZIP archive has the metadata at the end (if you add more files to an archive, its metadata is going to grow, so if it's at the end you don't have to move as much data to make space). Learnt about that because back in the 90s, I had some installer that was a shell script with appended zip archive.
@Ph34rNoB33r It's even simpler than that, it even works with e.g. RAR (which doesn't concentrate metadata on members at all, just adds a list of offsets at the end when you add a "quick open header" to RAR5 archives) or 7-Zip (which has the table of contents at the beginning). Archivers just scan the file until they find an archive file signature to support self-extracting archives, which are just an archive appended to an unpacker executable.
hmmm interesting thought otd. Given recent advances in AI code suggestions, it makes me wonder if GPT-3 could be trained to decompile object code to some reasonable facsimile of the original code. The art of code decompiling is even more mysterious than coding since you have to divine meanings of the symbol table just through sometimes very obscure usage. This might be one more opportunity for AI to really shine. Awesome as always. The most interesting materials are never found on the most beaten path. The best stuff is found in the unknown.
Thanks for the content 👍. I've got a question please. Is there a way to automatically extract and launch the executable file in the background after reaching the EOF flag of the image?
Was a bit disappointed you just appended data to the image file, lots of image upload services just strip data past the end. You can have more success with adding application-specific JPEG segments (APP2..APP15 - APP0 is already used for JFIF and APP1 for Exif) or even encoding hidden messages into the actual quantization matrices.
Quick question - Is it possible to execute a standalone .exe file (which is injected into the .jpg file) when a user opens the .jpg image? Great video btw!
No, the executable file has to have a special byte sequence at the beginning - in x86 times this was "MZ…" if I remember correctly - look it up with a hexcode editor. Maybe for x64 architecture, a variant is used, maybe it is different. But the file has to start with that.
No, it's not possible. As I said in another comment: That's not how it works at all. You can hide a virus / malicious code in a JPEG or any other file really, the thing is that it doesn't get executed because it's not an executable. When Photoshop for example reads the data from the JPEG file it only reads it (to the FFD9) but it doesn't execute the rest of the binary lol. The only way to get a virus from opening a jpeg file is with a third party image reader that executes the bytes after the image.
No need for python here. For bash/zsh, this will do: `cat heart.png >> photo.jpeg`. It will work with any other file :D Windows shell uses `type` instead of `cat`.
This is cool because it means we can have a way to hide data on open networks, and when sending things to people, or just simply to hide things on your own device, like your you know what photos
@ApiolJoe not necessarily when people who know what they're doing are involved, but when you have a network full of people who don't know their way around a computer properly, this is great
@ApiolJoe Security by obscurity is a legitimate thing. It's only insecure if someone is looking at what you're doing very closely, and looking _specifically_ for this technique -- in which case, you probably wouldn't get past them anyway.
I downloaded a random image off the internet to do this on. I couldn't figure out why I couldn't get it to read, I was able to write to the jpg. Turns out it already has another hidden message inside it that's more complicated to extract lol.
Very informative. But I've a question. Let's say I download some jpeg by mistake, which has hidden exe. How can someone make this exe extract itself and run on my device? What are the steps I can do to prevent that from happening? Because tbh there is no way to know which image is infected and which isn't, and it's not possible to stay away from downloading images at all. Should I write a python code to check the images by myself? And will that exe stay inside the image safely till I'm able to verify the image using python?
I really appreciate these kinds of videos. You explain stuff which I didn't know existed. Really cool, now I'm never gonna click a jpeg lol. Hope you get 100k in a couple of weeks.
A problem I found with the hello world part is the FF D9 is always at the end of jpg file, BUT it does not mean FF D9 cannot appear elsewhere in the file. In my case, I found a jpg file that had FF D9 in 2 other separate spots than at the end.
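Added example, not code from the video or from any commenter: a Python checker that walks the JPEG segment structure to find the real End Of Image marker, so an FF D9 that sits inside an earlier segment (an Exif thumbnail is the usual case) is skipped, then reports whatever follows the picture and labels it by a few common file signatures. The SAMPLE bytes are constructed for the demonstration and are not a decodable picture.

```python
import struct

# Constructed test input (not a real picture): SOI, an APP1 segment whose
# payload carries an inner FF D8 ... FF D9 (as Exif thumbnails do), a SOS
# segment, a few entropy-coded bytes with a stuffed FF 00 and an RST0 marker,
# the real EOI, and finally an appended ZIP-style payload.
def _segment(marker, payload):
    return b'\xff' + bytes([marker]) + struct.pack('>H', len(payload) + 2) + payload

SAMPLE = (b'\xff\xd8'
          + _segment(0xE1, b'Exif\x00\x00\xff\xd8thumb\xff\xd9')
          + _segment(0xDA, b'\x01\x01\x00\x00\x3f\x00')   # SOS header
          + b'\x12\xff\x00\x34\xff\xd0\x56'                # entropy-coded data
          + b'\xff\xd9'                                    # true EOI
          + b'PK\x03\x04fake zip body')                    # appended data

SIGNATURES = {b'PK\x03\x04': 'ZIP archive', b'Rar!': 'RAR archive',
              b'7z\xbc\xaf\x27\x1c': '7-Zip archive', b'MZ': 'Windows executable'}

def find_eoi(data):
    """Offset just past the real EOI, found by walking segments rather than
    taking the first FF D9 in the file (which may sit inside a thumbnail)."""
    if data[:2] != b'\xff\xd8':
        raise ValueError('not a JPEG: missing SOI')
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError('expected a marker at offset %d' % pos)
        marker = data[pos + 1]
        if marker == 0xD9:                                  # EOI: picture ends here
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:        # standalone markers
            pos += 2
            continue
        pos += 2 + struct.unpack('>H', data[pos + 2:pos + 4])[0]   # skip segment
        if marker == 0xDA:                                  # SOS: skip entropy data
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                                   # a real marker, not stuffing/RST
                pos += 1
    raise ValueError('no EOI found')

def trailing_data(data):
    """Return (offset, kind, payload) for bytes after the EOI, or None."""
    end = find_eoi(data)
    tail = data[end:]
    if not tail:
        return None
    kind = next((n for sig, n in SIGNATURES.items() if tail.startswith(sig)), 'unknown')
    return end, kind, tail
```

On the sample, `SAMPLE.index(b'\xff\xd9')` stops at the thumbnail's marker (offset 19) while `find_eoi` returns the real end (offset 40), which is the difference the comment above ran into.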
this is no hiding because such things become well known and soon tools to extract such hidden info start surfacing not to speak of such videos explaining it all in baby steps to python ignorants or python lazy ... give us true steganography algorithms
But why? It is good for nothing. Moreover, exe files have initial sequences, too, and if antiviral software detects these inside an image file, they will go to DEFCON 1. You actually increase the probability of being detected dramatically.
bruh. here I thought you were actually gonna do something smart with pixels. you're also banking on the parser not checking for bigger file size, I doubt it's actually part of the spec that you can just have whatever there. Basically making a 16m long video to say "do a concat".
Mind if you do come across something in the wilds of the net I wouldn't run it unless you really know what you're doing. (Sandbox VM, profilers, decompilers, etc)
this is cool, but obvious for people searching for a payload. Why does modifying the pixels like in the PNG steganography tutorial not work with JPEG? Thank you btw for this video
JACKPOT!! first of all great vid! and second THANKS to all users for placing comments here! with all posted 'script' and occurred 'error' copied & pasted messages I was able to make some nasty googledork lines. what appeared to be random non related search results containing a lot of links to just empty white webpages, image results showing just 1 simple colour or replacement txt error versions. first it did not make sense to me at all. But I found out the hard way an image file CAN be executed if downloaded or by simply following and clicking the link! hooks hooks and more hooks. an 18gb payload burst delivered by,... a shitty icon image!! that tiny small image on top of every tab is more dangerous than all those "weakpoint" plugin extensions. it bypasses the browser framework, settles in your temp file, appdata file etc.. an icon (18gb size) well,.... hope those who will find this too have fast internet! it breaks the browser almost into freezing up.
Thank you so much, I always wanted to know how it works, I know I say this every time you see my messages or comments, but you are the holy grail. You taught me so many things over the last 2 years! big love on you bro
There is nothing wrong with this approach :p. The target of this video is beginner CS students that are interested in cybersec, I think, so they are less comfy with cmd or sh D:
Does this work as the old DOS copy /b command? If so, if I remember correctly, you can skip the extraction part and just change the extension to which part you want to see (e.g. photo.jpg opens in photo editor, photo.txt opens in notepad and shows just the text Hello world)...
Copy yes true, but when you change the extension then the program starts to read every time from the first byte, not from the second file hidden inside, so you will have simply a notepad full of ascii characters before the final correct text
`offset = content.index(bytes.fromhex('FFD9'))` gives `Traceback (most recent call last): File "", line 1, in ValueError: subsection not found`. Can someone help me?
Ok, I apologize, long day. However, I'm 7 mins in, read the comments below "Wow, Super Cool" and the like... I know I should stay till the end but? I can't see the why? Why would I want to do this?
So this is usable but wouldn't hide anything from a bytewise search or anyone who knows anything about programming. There's a much better way to hide stuff in images, you write your info into the least significant color bits of the image. If you do it correctly you can even do it with a jpg but a non-compressed file is easier. You can literally just print text that won't be visible in the image and it won't look like an appended file. But if you're going to do this compress your data and at least terminate it with FFD9 so a casual look still looks like a JPG.
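Added example, not code from the video or from any commenter, of the LSB technique described in this comment and in the earlier one about odd/even RGB values: the message is written one bit per colour sample behind a 16-bit length prefix, so no sample moves by more than 1 and there is no trailing data or foreign file signature for a byte-level search to find. The 4x4 RGB buffer is constructed (a real picture would need an image library to expose its samples), and it is uncompressed because, as the comment notes, lossy recompression would not keep these bits.

```python
# Constructed cover "image": raw 8-bit RGB samples of a 4x4 picture
# (48 samples) holding a simple gradient.
WIDTH, HEIGHT = 4, 4
PIXELS = bytes(range(0, WIDTH * HEIGHT * 3 * 5, 5))   # 0, 5, 10, ... 235

def embed(samples, message):
    """Hide message in the LSBs: 16-bit length first, then the bytes,
    most significant bit first. Raises if the cover is too small."""
    payload = len(message).to_bytes(2, 'big') + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(samples):
        raise ValueError('cover too small: need %d samples' % len(bits))
    out = bytearray(samples)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit   # only the low bit changes
    return bytes(out)

def extract(samples):
    """Read the length prefix, then exactly that many message bytes."""
    def read_bytes(start, count):
        value = bytearray()
        for b in range(count):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (samples[start + b * 8 + i] & 1)
            value.append(byte)
        return bytes(value)
    length = int.from_bytes(read_bytes(0, 2), 'big')
    return read_bytes(16, length)

def max_abs_change(original, stego):
    """Largest per-sample difference the embedding introduced."""
    return max(abs(a - b) for a, b in zip(original, stego))
```

A 48-sample cover holds exactly 6 bytes, so a 4-byte message fits and a 5-byte one is refused, which is the capacity check an analyst would use to bound how much a given image could carry.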
I once took a peek at what's inside the APK of a mobile game I have and I saw only one image file with a size like 100MB. The photo is damaged or nothing to display so I suspect the files and resources are in that image file. After watching this, everything becomes clear now.
I bought a reference 5700 (non-XT) when they were being discontinued for $270. I spent another $70 to get the Arctic Freezer aftermarket cooler. Then flashed it with the XT BIOS. Since then, AMD has only improved the drivers and performance. The only times I've had any issues were pushing unstable overclocks or with game titles that are notoriously bad to begin with.
THANK YOU. I have been looking for this tutorial for ages. You can't imagine how much time I spent trying to find a way to do this, thank you so much. btw I'm downloading this video so I won't lose it again